    Cloudron Forum

    Collabora NextCloud issue

    Collabora Online (CODE)
    • iamthefij
      iamthefij App Dev last edited by girish

      Ok, so I've been racking my brain on this one for a while and can't figure it out.

      I've got NextCloud installed at cloud.mydomain.com, and Collabora installed at docs.mydomain.com. I've updated Collabora to allow framing by https://cloud.mydomain.com as well as updated the host name in the app itself. I've also installed the Collabora app in NextCloud as well as told it to look at https://docs.mydomain.com.

      This had been working for a while. Today I noticed it just kept spinning when trying to view a doc and see in the JavaScript console the following perplexing line:

      Loading denied by X-Frame-Options: https://md.mydomain.com/ does not permit framing by https://cloud.mydomain.com/apps/files/?dir=/path/to/doc
      

      What?! I do have an app (CodiMD) hosted at md.mydomain.com, however, that is something completely irrelevant. Just in case, I updated it to allow framing in https://cloud.iamthefij.com, but that doesn't seem to have helped either.

      From there I started debugging. I grepped the /app directories for md.mydomain.com in both my NextCloud and Collabora containers, but found nothing. I tried renaming md.mydomain.com to md2.mydomain.com, but I got the exact same error:

      Loading denied by X-Frame-Options: https://md.mydomain.com/ does not permit framing by https://cloud.mydomain.com/apps/files/?dir=/path/to/doc
      

      On the other hand, when I rename docs.mydomain.com to docs2.mydomain.com, I get a NextCloud error that it can't connect to Collabora!

      So it seems like NextCloud is connecting to Collabora, but for some reason it's then trying to load a different host...

      • murgero
        murgero App Dev @iamthefij last edited by

        @iamthefij Can you try resetting Collabora? If you leave the default settings, it only allows connections from your domain anyway.

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~
        Matrix: @murgero:urgero.org

        • nebulon
          nebulon Staff last edited by

          I cannot think of anything causing Nextcloud to iframe some random other domain. As @murgero said, reinstalling Collabora on the same domain should fix this, as the defaults should be OK already.

          • iamthefij
            iamthefij App Dev last edited by

            Tried that, but it did not fix it. For some reason it still shows the same thing.

            FYI, the default is insecure. [a-zA-Z0-9_\-.]*example.com would actually allow someone to use a malicious domain like fake-example.com and use the instance as it would match that regex. It should really be example.com|[a-zA-Z0-9_\-]+.example.com. That way it's checking for root domain or any subdomain with a dot before the domain.

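The allow-list regex problem raised in the post above, as an added example (not part of the original post, and not Collabora's or Cloudron's code). It assumes the pattern is matched against a bare host name; `STRICT_PATTERN`, the sample hosts and the function names are constructed here. It goes slightly beyond the post by also showing the effect of unescaped dots and of unanchored matching.

```python
import re

# Patterns exactly as they appear in the post (dots unescaped, as rendered).
DEFAULT_PATTERN = r"[a-zA-Z0-9_\-.]*example.com"
POSTED_FIX = r"example.com|[a-zA-Z0-9_\-]+.example.com"

# Assumption of this example: the same idea with literal dots escaped and
# any number of subdomain labels, each one followed by a real ".".
STRICT_PATTERN = r"(?:[a-zA-Z0-9_\-]+\.)*example\.com"

# Constructed sample hosts: three legitimate names and two look-alikes.
HOSTS = [
    "example.com",
    "cloud.example.com",
    "a.b.example.com",
    "fake-example.com",   # different registrable domain
    "examplexcom",        # only matches if "." means "any character"
]


def allowed(pattern, host, anchored=True):
    """Return True if host passes the allow-list pattern.

    anchored=True requires the whole host to match (re.fullmatch);
    anchored=False models a substring search (re.search).
    """
    matcher = re.fullmatch if anchored else re.search
    return matcher(pattern, host) is not None


def audit(pattern, hosts=HOSTS, anchored=True):
    """Map every sample host to the allow/deny decision for one pattern."""
    return {host: allowed(pattern, host, anchored) for host in hosts}


if __name__ == "__main__":
    for name in ("DEFAULT_PATTERN", "POSTED_FIX", "STRICT_PATTERN"):
        print(name)
        for host, ok in audit(globals()[name]).items():
            print(f"  {'allow' if ok else 'deny ':5}  {host}")
    # Without anchoring, even the strict pattern accepts a hostile suffix.
    print(allowed(STRICT_PATTERN, "example.com.attacker.test", anchored=False))
```

With the dots unescaped, both patterns from the post accept `fake-example.com`, because `.` matches the `-`; only the escaped and fully anchored form rejects it.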
            • iamthefij
              iamthefij App Dev last edited by

              Just tried in Safari and got much more detailed information:

              [Error] Invalid 'X-Frame-Options' header encountered when loading 'https://cloud.example.com/apps/richdocuments/index?fileId=11418&requesttoken=blah': 'ALLOW-FROM https://md.example.com' is not a recognized directive. The header will be ignored.
              [Error] Invalid 'X-Frame-Options' header encountered when loading 'https://docs.example.com/loleaflet/blah/loleaflet.html?WOPISrc=https%3A%2F%2Fcloud.example.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F11418_blah&title=Test.odt&lang=en&closebutton=1&revisionhistory=1': 'ALLOW-FROM https://cloud.example.com' is not a recognized directive. The header will be ignored.
              

              It looks like both are trying to frame each other. When I did check my settings for cloud.example.com, I saw that I had allowed cloud.example.com to be embedded in md.example.com, so I'm wondering if that's where this is coming from.

              Updated both to allow embedding from each other now.

              Oddly enough I still get errors saying framing is not allowed.

              Firefox gives me:

              Load denied by X-Frame-Options: https://docs.example.com/ does not permit framing by https://cloud.example.com/apps/files/?dir=/Documents
              

              Safari gives me:

              [Error] Invalid 'X-Frame-Options' header encountered when loading 'https://cloud.example.com/apps/richdocuments/index?fileId=11418&requesttoken=blah%3D%blah%blah%3D': 'ALLOW-FROM https://docs.example.com' is not a recognized directive. The header will be ignored.
              [Error] Invalid 'X-Frame-Options' header encountered when loading 'https://docs.example.com/loleaflet/blah/loleaflet.html?WOPISrc=https%3A%2F%2Fcloud.example.com%2Fapps%2Frichdocuments%2Fwopi%2Ffiles%2F1141blah&title=Test.odt&lang=en&closebutton=1&revisionhistory=1': 'ALLOW-FROM https://cloud.example.com' is not a recognized directive. The header will be ignored.
              

              The header itself shows X-Frame-Options: ALLOW-FROM https://cloud.example.com... which looks right.

              • iamthefij
                iamthefij App Dev last edited by

                More debugging weirdness! Looks like the Safari errors can be ignored. The iframe actually seems to be loading fine. I tested using my external link to Gitea embedded in NextCloud. It renders just fine, but the errors still show in the log. Weird.

                Then, within the Collabora frame inside NextCloud, I was getting an error saying:

                Failed to read document from storage. Please contact your storage server (cloud.example.com) administrator.

                Turns out that was related to opening a new document. It now works in Safari with older documents but new documents won't work.

                Firefox still gives me the previous error, though I just noticed there is also a different error present, so maybe the X-Frame-Options one is a red herring.

                Load denied by X-Frame-Options: https://docs.example.com/ does not permit framing by https://cloud.example.com/apps/files/.
                Content Security Policy: Ignoring “'unsafe-inline'” within script-src or style-src: nonce-source or hash-source specified
                

                Sorry, this is a lot of info. I'm just dumping it all as I debug for someone's future reference (probably mine).

                • girish
                  girish Staff last edited by

                  @iamthefij I don't know if this is related, but we have an open task to move away from X-Frame-Options which seems to be deprecated - https://git.cloudron.io/cloudron/box/issues/596

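A header audit for the situation in this thread, as an added example (not part of any post and not Cloudron's code). It reports whether a response still carries a framing restriction once a browser ignores `ALLOW-FROM`, as the Safari log above says it does, and derives the closest CSP `frame-ancestors` directive; `frame-ancestors` is the standard replacement for `X-Frame-Options` and is not named in the thread, and the function names are constructed here.

```python
from urllib.parse import urlsplit


def parse_xfo(value):
    """Return (directive, origin) for an X-Frame-Options header value."""
    parts = value.strip().split(None, 1)
    name = parts[0].upper() if parts else ""
    if name in ("DENY", "SAMEORIGIN") and len(parts) == 1:
        return name, None
    if name == "ALLOW-FROM" and len(parts) == 2:
        url = urlsplit(parts[1].strip())
        if url.scheme and url.netloc:
            # Keep the origin only; any path or query is dropped.
            return name, f"{url.scheme}://{url.netloc}"
    return "INVALID", None


def frame_ancestors_for(xfo_value):
    """Closest CSP frame-ancestors directive for an X-Frame-Options value."""
    name, origin = parse_xfo(xfo_value)
    return {
        "DENY": "frame-ancestors 'none'",
        "SAMEORIGIN": "frame-ancestors 'self'",
        "ALLOW-FROM": f"frame-ancestors {origin}",
    }.get(name)


def has_frame_ancestors(csp_value):
    """True if a Content-Security-Policy value contains frame-ancestors."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return True
    return False


def framing_restricted(headers):
    """True if a browser that ignores ALLOW-FROM still limits framing."""
    h = {k.lower(): v for k, v in headers.items()}
    if has_frame_ancestors(h.get("content-security-policy", "")):
        return True
    name, _ = parse_xfo(h.get("x-frame-options", ""))
    return name in ("DENY", "SAMEORIGIN")


if __name__ == "__main__":
    # Header value quoted in the thread.
    seen = {"X-Frame-Options": "ALLOW-FROM https://cloud.example.com"}
    print(framing_restricted(seen))                       # no effective limit
    print(frame_ancestors_for(seen["X-Frame-Options"]))   # CSP equivalent
```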